I think you can do this with a reverse proxy to add the authentication headers.
I have walked through using an nginx proxy to auto-authenticate kibana hosted inside an iframe. nginx attaches a username and password to the custom header, which works, though I did not introduce a custom auth realm into the mix.
If your kibana and hosted iframe code is on the same domain, you might also be able to grab and set a cookie.
Here are a couple additional links that might prove useful: